Nowadays the computational grid uses X.509 digital certificates for a wide variety of security-related tasks, ranging from user authentication to job execution's delegation. However to ensure a comprehensive security framework such credentials need to be validated so that revoked, suspended and any other compromised certificate will not be allowed to access grid resources. To achieve such tasks great interest is being given to the online certificate status protocol (OCSP) in security workgroups from the global grid forum. In order to better understand the special requirements related with its use in previous work we introduced the Open GRid Ocsp API (OGRO), which provides OCSP support to the Globus toolkit 4. However that research concluded that the grid introduces some special requisites for OCSP's performance and security. As a follow-up to that work, this paper provides a comprehensive performance comparison between the novel prevalidation and caching mechanisms proposed by the authors to further improve Grid-OCSP. In addition, research about security compliance of both mechanisms around the newest proxy revocation concept is also presented in this work
[1]
Carlisle M. Adams,et al.
X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
,
1999,
RFC.
[2]
Gregor von Laszewski,et al.
A Java commodity grid kit
,
2001,
Concurr. Comput. Pract. Exp..
[3]
Manuel Medina,et al.
Using OGRO and CertiVeR to Improve OCSP Validation for Grids
,
2006,
GPC.
[4]
Manuel Medina,et al.
Towards a Unified Authentication and Authorization Infrastructure for Grid Services: Implementing an Enhanced OCSP Service Provider into GT4
,
2005,
EuroPKI.
[5]
Geoffrey C. Fox,et al.
Special Issue: ACM 2000 Java Grande Conference
,
2001,
Concurr. Comput. Pract. Exp..
[6]
Borja Sotomayor,et al.
The Globus Toolkit 4
,
2006
.
[7]
Antonino Mazzeo,et al.
An Innovative Policy-Based Cross Certification Methodology for Public Key Infrastructures
,
2005,
EuroPKI.